Tag Archives: Data Protection

Why Hard Drive Security Is Vital To Data Security

Posted on by
Reply
Data Destruction, Data Security, Digital DataHard drive destruction should also be incorporated with your document shredding process. Data Security comes in many forms and protecting your digital data is equally important as your paper data.The BBC ran a story warning that the only way to prevent cyber criminals from accessing information from old computers is to completely destroy hard drives. Formatting the drive does not erase the data completely. The warning came after a study showed thousands (22,000) of ‘deleted’ or ‘reformatted’ files were recovered from old computers purchased online or elsewhere.

The fact is there are software programs designed to help cyber criminals extract data even after it has been electronically erased from a hard drive.

(The data is not removed, it is allowing the data to be over written)

At the same time, there are other concerns that make secure electronic media and hard drive destruction a critical aspect of device security.

These are hard drive security concerns everyone should be wary of:

  • Volume.  There are more hard drives than ever in the workplace… in desktop computers, laptops, servers, phones, USB thumb drives, printers, copiers, and other equipment. In 2015, technology companies shipped more than 2.6 billion devices containing hard drives, according to US IT research firm Gartner.
  • Internet of Things (IoT).  According to one report, there are about 14 billion objects connected to the Internet today, and by 2020 industry analysts estimate the number will increase to anywhere from 20 billion to 100 billion. Many organisations are integrating IoT devices into the workplace to make work easier and more efficient, but employee IoT devices, which transmit and receive data, are an attack vector for cyber criminals. Safeguards must protect the business and the individual.
  • Upgrades.  Electronics become obsolete (and are replaced) within three or four years – and that affects BYOD security and other safeguards. Sensitive customer information is often stored on mobile devices, yet few employees take the necessary steps to keep corporate data on their devices secure. Many smart phones are not even password protected.
  • Data Protection Laws.  The Data Protection Act and industry guidelines require organisations to securely destroy confidential data at the end of its life. Failing to properly dispose of information could lead to a data breach, resulting in a fine of up to €100,000 being levied by the Information Commissioner’s Office.
  • Cybercrime.  Industry experts predict a continued boom in cybercrime. In terms of cost, the average consolidated total cost of a data breach rose 7% to €2.98 million in 2015 compared to the previous year. The 2015 Cost of Data Breach Study: UK from Ponemon also showed that the average global cost for each lost or stolen confidential record increased from a consolidated average of €120 to €130.
  • Responsibility.  Data stewardship is a corporate priority and responsibility. Security-driven workplace systems and controls help protect against external trends like data breaches and cybercrime. For example, a document management process protects confidential information from its creation to end of life. You will find that Businesses have never disposed of hard drives, USBs and other hardware that contain confidential information. A best practice: partner with a document destruction company that provides secure hard drive destruction as well as other security services and products for the workplace.

It’s important to understand device security and know your electronic media pitfalls and vulnerabilities to avoid being costly data breaches and a damage to your companies reputation.

Like, Comment & Share this story. Get involved in the conversation.

Reasons why having a “Clear Desk” Policy is beneficial for businesses today

Posted on by
Reply

confidential shredding, clean desk policy

A clear space, a clear mind. Paper shredding is a good habit to help clean up and also protect your data. Confidential document shredding service will help you clear out unwanted paper and documents that may have built up over the years.

(Shred your waste paper data)

It is the time of year for new beginnings, new healthy practices and in the business arena new accounting years. Even though we advocate best healthy practice we will now take a look at kick-starting some best practices for housekeeping within your place of work.

When looking around in your offices; are you looking at paper documents stacked in areas to be “Got to at some stage”, as we have begun new healthy habits in our personal lives it is also a great decision to look at implementing a clean desk policy also known as “waste paper procedure” within your offices.

Similar to a clean eating policy where you maintain clean and healthy macronutrients entering your body, a clean desk policy will direct your employees in maintaining a clean desk at all times during their working day.

We are all aware of the benefits of having a clean working area, “a tidy space equates to a tidy mind” however, a clean desk policy will also empower your Organisation to protect data in line with Data Protection Legislation.

Simple guidelines to protect your working data, whether the data is sensitive commercial data and/or personal sensitive data is to;

  1. Passwords and encryption upon electronic data carrier
  2. Have lockable cabinets within your office areas
  • Other suitable secure storage if/when required
  1. Once any of the data has been used and is no longer required you should insert it into secure consoles (Cabinets) awaiting destruction.

A well detailed and structured “Waste paper Procedure/Clean Desk Policy” really is of serious benefit to any Organisation and protects you in many ways such as;

  1. Saved money and resources
    Using a clean desk policy and having a certified vendor saves money upon downtime for staff in destroying old data
  2. Protect your Organisations Data and improve upon internal data flows

Detailing to staff that data digitalisation is the new company policy you will save money upon printing costs, increase efficiencies in data transfers and maintain business competitive with new data storage technologies.

  1. Data Protection law compliance
    It is essential for business to comply with the relevant Data Protection Laws in their jurisdictions, this includes not leaving it resting upon desks for casual bystanders to see the details; the Organisation in turn is protected from receiving for non-compliance fines and penalties
  2. Reduced data breach risk
    When private and sensitive information is protected from unauthorised view, there is less likelihood of information theft, fraud or a security breach, the costs of which can run into the £millions – in fines, reputation damage, and lost business
  3. Create a stronger reliability within your firm
    Ensuring that sensitive information is not left on desks will provide management with peace of mind that possible insider fraud is reduced to a minimum risk.
  4. Create a positive working environment
    As previously covered, a clean and tidy work space results in a clean and tidy mind enabling employees to be happy and consistent with their work duties and create an overall positive atmosphere within your workplace.

For more information, handy tips and beneficial help; Join the conversation on information security with Security in Shredding on Twitter @SecurityInShred.

Shredding Documents Before Recycling Them

Posted on by
Reply

Data Protection, Paper Shredding, limeirck paper shredding

Paper data still plays a major part of industrial paper shredding. It is important that you are Shredding confidential paper before it is put into recycling. This is to ensure that your data is protected and cannot be viewed by public eye.

Paper like any other recycling is often left in the blue bin outside your home or business for it to be collected. This is a common practice and nothing wrong with it. If your recycling contains documents of a personal nature and or sensitive data nor for public knowledge, how it is disposed needs to be taken into consideration.

It is quite easy to access anything contained in these bins and within an urban area someone in a “white van” and a high vis jacket could pull up and throw these bags into the van. What they do with these documents may be unclear but can be malicious intent. Having the documents shredded before it is recycled will increase your data security.

Shredding Documents

A good practice for your business to incorporate is to shred your document before you put them into recycling bin. Also to be aware that a simple office shredder does NOT provide adequate data destruction. This data can be reconstructed. An industrial paper shredding service provides you with secure paper shredding. Incorporating a service to handle and destroy your documents should be used.

Scheduled Onsite Collection

A reputable shredding service will provide you with a collection service to handle and securely destroy documents you have. Ringing your shredding service provider and organising a collection at a time specified by you will ensure that you know when your documents are to be transferred.

A shredding service can provide you with sealed bags for collection and shred them in off site paper destruction location. A shredding service can also provide onsite shredding service with their specially designed trucks to handle and destroy these documents.

Data Protection

Under the EU directive the data protection act and the data protection commissioner are governing bodies in place to ensure that businesses handle data correctly and ensure sensitive data is used in a correct manner.

For more information on a reputable shredding service in Ireland please visit:

https://www.securityinshredding.com/

Responding To Data Breaches

Posted on by
Reply

Secure Paper Shredding Hard Drive Shredding WEEE Destruction

Paper Data;

Without a confidential document shredding service in place for shredding documents and media devices. Your company or business may become under scrutiny for not having these defensive measures in place to begin with.

It is common practice for a business to securely deal with paper documents in its handling, who can access it and how it is destroyed. Most businesses and organisations will incorporate a reputable paper shredding service and these processes are all above board.

Digital Data;

This trend is still widely used but not with the increase in use of mobile devices globally. Digital Data has become the preferred use of displaying data. How this information is used and the potential of this information being misused. Issues regarding digital use to be an “IT issue” but this is now no longer the case. Data Breaches and leaks have become more and more common due to lack of cyber protections in place. Lack of knowledge for one about cyber security is one factor that causes these issues.

Data Protection

A Data Protection strategy for digital and paper documents must be implemented throughout a business. There are governing bodies in place and bodies localised to your business and is worth knowing what procedures are in place for data protection. In Ireland the Data Protection Commissioner is a governing body directive from the EU.

“The office of the Data Protection Commissioner is established under the 1988 Data Protection Act.  The Data Protection Amendment Act, 2003, updated the legislation, implementing the provisions of EU Directive 95/46. The Acts set out the general principle that individuals should be in a position to control how data relating to them is used.”

The DPC provides guidelines for data protection and methods. If these measures are in place before a data breach occurs, it can save face for a business reputation and wont be scrutinised for not having these measurements in place to begin with.

The DPC site offers guidelines regarding Data Security both physically and digitally and the guidelines can be viewed here.

https://www.dataprotection.ie/docs/Guidance-Material-Menu-Page/m/219.htm

An Industrial Paper Shredding Service will provide you with credible Data Protection service please visit our site for more information:

Email us at info@securityinshredding.com

No. of Data Leaks and Data Breaches Increasing

Posted on by
Reply

irish data breaches, Data Protection, Paper Shredding, Data Destruction

Industrial paper shredding can be implemented using an off site shredding service throughout Ireland. Onsite shredding services are also available in the Dublin, Cork, Limerick, Galway and Waterford areas. These services should be common practice for businesses to comply with Data Protection laws.

It has become an increasingly talked about topic both globally and in Ireland of user’s details being leaked accidentally or retrieved through malicious means. The most recent story on a global scale is the “Panama Papers” involving political figures and leaders having offshore accounts and profiting from them. How the leak happened is still unclear but can happen.

Closer to home the Irish Aviation Authority (IAA) was the case of a data leak. The leak revealed the details of listed drone users in the country. No credit card details were released but names, addresses and emails were revealed. The leak was an internal issues and was dealt with accordingly. The Data Protection Commissioner was informed with the leak and appropriate actions were taken.

If A Breach Occurs

Your own business like any other business can be subject to a Data Breach or Leak. To think it wont happen to you is naive and bad business practice. If you feel a breach has occurred there are a number of steps you should follow if the breach occurs.

  • Take your site offline so the leak/breach is no longer available
  • Find out where the breach occurred. Contact IT or site developer for help
  • If public details are released then inform the Data Protection Commissioner
  • Issue a warning to the effected users that the breach occurred
  • Passwords for accounts need to be updated to prevent unwanted access to user accounts.

The quicker you deal with the issue the less damaging it is for business in the long run. Contacting the Data Protection Commissioner (DPC) is important as they are a governing body for issues like these. Failure to contact the DPC can result in a hefty fine and be damaging for business if the issue goes public.

Data Protection is vital for businesses to succeed and now more than ever it is important to have proper Data Security setup to prevent these kind of attacks. A confidential shredding service will provide your business with its Data Protection. Consulting with them about your Data Security would also be recommended.

Data Protection Commissioner Data Security Guidelines:

https://www.dataprotection.ie/viewdoc.asp?DocID=1091

Protecting Personal and Work Devices

Posted on by
Reply

secure data

All electronic devices can potentially suffer from Data Breaches if not protected correctly. The breach can be in violation of Data Protection laws if the Data Protection Commissioner is not informed. Secure document destruction is an important part of business and organisation incorporate.

A recent event involving a personal computer used in a federal building that contained details of child support accounts, and social security details and other hard drives that may have contained user details.

A US watchdog wrote an open letter to the federal government asking why staff member was able to use a personal device to access these details, given that it violates the security policy. The letter continues and mentions other Data Breaches in government buildings and the lack of Data Protection.

Situations like this increasingly more common and not just government buildings. Bank account details have being breached. Online accounts to various sites have being breached and this happens on a global scale. You will hear that the breach occurred because someone left a device behind them. Be it the seat of a train home from work, a USB key dropped in a cafe.

The human error of forgetting something is not the problem (we all forget things from time to time), but the issue is the data contained on these devices and the lack of protection in place especially devices with sensitive data.

Company Policy

It is worth knowing your company polices on weather or not personal devices are allowed to conduct business actions. Also if using company devices weather or not you can use personal applications on them. It is important to know this. We live in a time of technology and information being widely available and with the increased usage there is also the potential of breaches.

How these breaches occur will can vary but there are common factors and technology is written with a universal language.

  • Ask your IT specialist on what to look out for when using the device
  • Research good practices online
  • Enalble location of device if appliable in case it is misplaced.
  • Encrypt devices where possible including mobile devices and USB keys
  • Be aware of what information is stored on a device (paper or electronic) and the potential breach that could occur if misplaced.

A confidential shredding service will also improve your Data Security and provide you with methods for protecting your device. Please visit our site for more information:

https://www.securityinshredding.com/

Data Security From Top To Bottom

Posted on by
Reply

Security in Shredding Logo. 2014.

Data Security is a vital for businesses to run. Weather it is paper shredding and or media destruction a confidential shredding service is needed.

Security is a strategic part of company policy. While physical security has being around for a long time. Security cameras, security personal, alarm systems etc are common terms to hear when referring to security. When it comes to cyber security the terms used become less frequent and can appear more intimidating to the untrained ear. You will hear terms like encryption, end to end encryption, firewalls and 2 step verification are terms involving cyber security.

Digital Data has grown over the past 20 years and this has lead to the increase of Data Breaches in industries and organisations. Often the case for these breaches were due to certain aspects not having protections in place. With the increase in electronic devices it should no longer be just a matter for the IT department but a company wide matter.

In The Boardroom

Data Security and Digital Data must be a part of the boardroom’s security strategy and treated equal to the overall security of the company. Awareness to cyber issues should be known be all board members and not just the CIO.

This should include the company policies in place. What are the major threats to Digital Data. Regular update of this information from IT department to the board to increase awareness.

Human Error

All the security measures in place cannot protect against human error. People will forget items, it happens. A stray document left on a table or seat when travelling. Not just paper documents but mobile devices also need to be looked after again of the potential of sensitive data being accessed.

Less technical minded people who use these devices may also use social media and other sites while not being aware of potential breaches or what data they might expose.

Setting up security features before the device is used will help improve security. Password setup and enabling encryption on messaging systems will greatly improve the device security.

Company Policies and Terms Of Use

Is a term widely used throughout Technology sector. A person must agree to these terms before they can use a product. This should also be adopted by your own company if issuing devices for board members and staff. It does not have to be a technical document but a set of guidelines and processes to do when dealing with sensitive data.

Technology is constantly improving and changing are for some people it can be hard to learn these new technologies and this is where the potential breaches can occur. With a regularly updated information to the board members will ensure your data is secure.

For more information on the Data Protection please visit: https://www.securityinshredding.com/legislation.php

The Disadvantages of Office Shredders

Posted on by
Reply

Paper Shredding

Data Breaches and Data Security go hand in hand and a incorporating a confidential shredding service will benefit you and your business significantly.

As a result of people becoming increasingly aware and vigilant of their confidential data and conscious of what readable files are disposed off in their bins, small office shredders are consequently on the rise. Many offices have an office shredder tucked in the corner or next to the printer; but in reality these small devices are putting your employees at risk, draining your time, compromising your security and also shredding your money so to speak.

Whereas if you outsource the destruction of your documents to a certified data destruction professional you are eliminating the length of time an employee has to spend feeding the small office shredder, eliminating a data breach, managing your end of life documents efficiently and appropriately reducing the amount of down time an employee spends in the working day.

Is an office shredder safe?

An office shredder is no shortage of blades, cutting knives and teeth moving at a few thousand RPM and it is usually placed in an easy to access area for people to use it. An office shredder cannot tell the difference between a paper and other items, such as:

  • Stray clothing e.g. ties, blouses/ shirts
  • Jewellery
  • Long sleeves
  • Fingers
  • Hair

People don’t realise that if a piece of paper gets stuck in a shredder; most people go to the power point to turn it off. What if it is battery powered? Would you know the shredder was completely powered off?

It’s easy to see how with no training, such a simple device can be a danger to a first-time user.

Time Consuming

The typical office shredder will boast a shredding power of between 3-5 sheets at a time, sounds acceptable but if one is shredding a 30, 50 or 100 page document will soon become a wearisome and time consuming task. Office shredder Manuals will have illustrated  that staples, paper clips or other tough bindings must be removed prior to shredding. Taking these out one by one and checking through pages and pages of paper for stray staples or clips is more time consuming than one might think.

Confidentiality

Why shred the documents you might ask?; The primary reason for shredding your documents should be to maintain confidentiality and security and ensure zero data breaches occur. Many standard budget shredders will cut paper into roughly 40-50 strips, which may seem like a lot, but it wouldn’t take a smart and determined criminal too long to re-assemble 50 strips of an A4 piece of paper and restore it to a legible condition.

Therefore by employing a registered Data Processor whom is a certified shredding service professional to complete all your data destruction requirements; will not only free up employee time but eliminate risk of a data breach and maintain the high level confidentiality that you require.

Cost

It’s difficult to put a cost figure on the security of your information, which is why a professional, efficient and secure shredding service is always advised. The actual cost of an office shredder may initially appear as a cheap investment in comparison to the cost of the services of a certified, registered shredding service provider but from employing a Data destruction service provider you will have little or no employee down-time, guaranteed destruction of documents and 100% total piece of mind.

The shredding service provider removes the shredded paper material from the clients location and transports the shredded material to the licensed waste recycling facility and off-loads the material as part of the cost.

If you’re thinking of making the change from an office shredder to a registered, certified, professional data destruction service provider, you can contact us for our professional advice and affordable prices.

For information on a confidential shredding service please visit:

https://www.securityinshredding.com/

10 Steps To Prevent Data Breach regarding Cyber Security

Posted on by
Reply

Security In Shredding logo

Paper Shredding Services are an important part of business practice. A reputable onsite shredding service can be incorporated for business Data Protection.

Cyber Security comes in many forms and one method which is targeted regularly are credit cards. Criminals will try anything into tricking people to obtain credit card numbers. There are a number of preventative methods you can use to protect your details. Below is a list of steps to look out for to improve your data security:

  1. Don’t be tricked into giving away confidential information;  make sure you do not respond to emails or phone calls requesting confidential information. Report any suspicious activity to IT and/or your manager.
  2. Don’t use an unprotected computer; ensure to use a computer that has latest approved security software prior to viewing and company information (particularly if you are viewing the material from an internet café or shared computer)
  3. Don’t leave sensitive information on your desk; Keep them safe by locking them in a drawer or have them destroyed – shredded securely using a registered Data Processor.
  4. Lock your computer and mobile phone when not in use; Keeps your data and contacts safe from prying eyes.
  5. Stay Alert and report suspicious activity; In case something goes wrong and the sooner you report the issue the faster it can be dealt with.
  6. Password-protect sensitive files and devices; Protecting your devices with strong passwords means you make it incredibly difficult to break in and steal data.
  7. Always use hard-to-guess passwords; Make sure to use complex passwords not just 12345 or abcdef but “G$4s1KoOl” for example. (It is used more often than you think.)
  8. Be cautious of suspicious emails and links; don’t let curiosity get the best of you. If it sounds too good to be true it probably is.
  9. Don’t plug in personal devices without the OK from IT; Personal devices can be compromised with code waiting to launch as soon as you plug them into the computer.
  10. Don’t install unauthorised programs on your work computer; If you like an application and think it would be useful, contact IT to look into it for you before installing.

By following the Do’s and Don’ts mentioned above you will greatly reduce the risk of a cyber attack.

Security in shredding offers this type of security and more. please visit our website for more information: https://www.securityinshredding.com/ 

Cyber Security & Credit Cards, Data Security

Posted on by
Reply

credit-card-scams-data-breaches

Confidential paper shredding is not just about shredding paper. Data comes in many forms and credit cards is one form of data that needs to be protected.

A current example of a cyber security breach is a string of fraudulent activity on customer credit cards used at Trump Hotel Collection. The activity appeared on cards used in the past two to three months at a number of Trumps Hotels. The exact number of hotels this has occurred is unknown at this moment in time but it marks the second breach of the hotel chain in the last year.

Below I have listed some Do’s and Don’ts that we should all apply in our day to day activities;

Do’s :

  • Do keep your credit card safely and treat it as you would treat cash & Never leave it unattended.
  • Do keep your credit card in the same place within your wallet/purse so that you notice immediately if it is missing.
  • Always memorize your Personal Identification Number (PIN) and change it on regular basis.
  • Do Exercise caution while transacting on websites for any on-line purchase.
  • Do make regular payment of your credit card dues. This will help you in avoiding levy of finance charges, late payment charges, etc.
  • Do Change your login Passwords Periodically: We recommend that you change your passwords regularly, at least every 30 days or so. To change your Passwords, login to the ‘Online Credit Cards’ section, then click on the ‘Change Password’ option given on left side of the screen. Please change the password immediately if you think it is compromised.
  • Look for the padlock symbol on the bottom bar of the browser to ensure that the site is running in secure mode before you enter sensitive information.
  • Shred unnecessary financial documents immediately: Discard pin or password mailers immediately after memorizing them. Never write them down.

Dont’s:

  • Do not keep a copy of your PIN in your wallet/purse and never write your PIN number on your credit card.
  • Do not reveal your PIN to any one – not even to your family members.
  • Do not reveal your credit card details/ PIN number/ etc. to any email soliciting your personal information/ any telephonic survey.
  • Do not seek help from strangers at the ATM, even if offered voluntarily, while utilizing your credit card at ATMs.
  • Do not bend your credit card.
  • Never sign an incomplete charge slip.
  • Never open email attachments that have file extensions like .exe, .pif, or .vbs. Such files are usually dangerous.

For more information please visit on a secure shredding service: https://www.securityinshredding.com/